How to Create and Share a Multilevel Dataset

Multilevel datasets are useful containers when you downgrade or upgrade information. For more
information, see Multilevel Datasets for Relabeling Files. Multilevel datasets are also useful when a multilevel NFS file server
provides files at many labels to a number of NFS clients.

Before You Begin

To create a multilevel dataset, you must be in the root role in
the global zone.

Create a multilevel dataset.

# zfs create -o mountpoint=/multi -o multilevel=on rpool/multi

rpool/multi is a multilevel dataset that is mounted in the global zone at
/multi.

NFS-mounted multilevel datasets permit writing files at the same label as the mounting
zone and reading lower-level files. The label of the mounted files cannot be
viewed reliably or set. For more information, see Mounting Multilevel Datasets From Another System.

In this example, the administrator creates a multilevel dataset with an upper bound,
or highest label, that is lower than the default, ADMIN_HIGH. At dataset
creation, the administrator specifies the upper label bound in the mlslabel property. This
upper bound prevents global zone processes from creating any files or directories in
the multilevel dataset. Only labeled zone processes can create directories and files in
the dataset. Because the multilevel property is on, the mlslabel property sets the upper
bound, not the label for a single-label dataset.
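
The following check is an added example, not part of the original page: a POSIX shell function that reads a dataset's properties and reports whether it is a multilevel dataset with an upper bound below the default, as described above. It assumes the tab-separated output of `zfs get -H -o property,value`, and that an unset upper bound is reported as `none` or `ADMIN_HIGH`; the label in the sample is constructed.

```shell
#!/bin/sh
# Added example. Input on stdin: "property<TAB>value" lines, the shape of
#   zfs get -H -o property,value multilevel,mlslabel,mountpoint rpool/multi
# Prints one verdict word; returns 0 only for a mounted multilevel dataset
# whose upper bound (mlslabel) is set below the default.
audit_multilevel() {
    multilevel=""
    mlslabel=""
    mountpoint=""
    tab=$(printf '\t')
    # Split on tab only, so labels that contain spaces stay in one field.
    while IFS="$tab" read -r prop value; do
        case "$prop" in
            multilevel) multilevel=$value ;;
            mlslabel)   mlslabel=$value ;;
            mountpoint) mountpoint=$value ;;
        esac
    done
    # multilevel=off means mlslabel is the label of a single-label dataset.
    if [ "$multilevel" != "on" ]; then
        echo "single-label"
        return 1
    fi
    # Only an absolute path counts; "legacy" or "none" means not mounted by ZFS.
    case "$mountpoint" in
        /*) ;;
        *) echo "not-mounted"; return 1 ;;
    esac
    # Assumption: an unset upper bound is shown as "none" or "ADMIN_HIGH".
    # At the default bound, global zone processes can still create files.
    case "$mlslabel" in
        ""|none|ADMIN_HIGH) echo "default-upper-bound"; return 1 ;;
    esac
    echo "bounded"
    return 0
}

# Constructed sample: properties of a dataset created with an upper bound.
sample_bounded() {
    printf 'multilevel\ton\n'
    printf 'mlslabel\tCONFIDENTIAL : INTERNAL USE ONLY\n'
    printf 'mountpoint\t/multi\n'
}
```

On a live system, pipe the `zfs get` command from the comment into `audit_multilevel` and act on its exit status.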

On the File Browser for the portable media, choose Eject from the File
menu.

Note - Remember to physically affix a label to the media with the sensitivity label
of the copied files.

Example 4-8 Keeping Configuration Files Identical on All Systems

The system administrator wants to ensure that every system is configured with the
same settings. So, on the first system that is configured, the administrator creates
a directory that cannot be deleted between reboots. In that directory, the administrator
places the files that must be identical or very similar on all systems.

For example, the administrator modifies the policy.conf file, and the default login and
passwd files for this site. So, the administrator copies the following files to
the permanent directory.